We purchased the consultant's kit from your team and so far it has been great. We have started helping one of our clients with their ISO initiative, and we ran into a question I was hoping you could answer.
We perform almost all IT functions for this company, including its security monitoring. What is the greatest role we can fill with their ISO project team? Can we handle all the traditional functions of a CISO as described in your blog and toolkit? In essence we are already performing those capabilities on a greatly reduced scale. Or do they need to have an internal employee fill that role?
Answer:
Yes, your company can perform tasks related to the management of the ISMS, including the functions of a CISO, so it is not necessary for the company to have an internal employee in the CISO position. Here it is important that the company that wants to implement ISO 27001 has the necessary knowledge about the standard to implement it, and they can request the services of an external company to do it. But in this case, remember that it is very important to put in place agreements between both companies. Your company will be a supplier for your client, so the template "Supplier Security Policy" can be interesting for you. You can find it in the folder 08 Annex AA.15 Supplier relationships.
Finally, I think that these articles can be interesting for you:
What is the job of Chief Information Security Officer (CISO) in ISO 27001?: https://advisera.com/27001academy/knowledgebase/what-is-the-job-of-chief-information-security-officer-ciso-in-iso-27001/
Chief Information Security Officer (CISO) - where does he belong in an org chart?: https://advisera.com/27001academy/blog/2012/09/11/chief-information-security-officer-ciso-where-does-he-belong-in-an-org-chart/
Jan 12, 2016